US8345878B2 - Method for distributing cryptographic keys in a communication network - Google Patents

Method for distributing cryptographic keys in a communication network Download PDF

Info

Publication number
US8345878B2
Authority
US
United States
Prior art keywords
segments
network
party
message
protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US12/675,667
Other languages
English (en)
Other versions
US20110129090A1 (en)
Inventor
Eric Grall
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales SA
Original Assignee
Thales SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thales SA
Assigned to THALES: assignment of assignors interest (see document for details). Assignor: GRALL, ERIC
Publication of US20110129090A1
Application granted
Publication of US8345878B2
Status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving Diffie-Hellman or related key agreement protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 84/00 Network topologies
    • H04W 84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present invention relates to a distributed negotiation protocol for cryptographic keys.
  • This network can be a highly redundant fixed network, that is to say that it comprises a number of routing paths, or else an ad hoc network.
  • the ad hoc networks are formed via the self-configuration of the routing tables of each of the communicating nodes that form an integral part of the network.
  • an ad hoc network is a network in which the information is routed by the nodes that make up the network. There are no fixed routing infrastructures from which to know the overall topology of the network. Each of the nodes of the network behaves like a router with its neighbors. In this context, there are several orders of technical problems to be resolved: each of the nodes needs to be able, at a given instant, to know a portion of the topology of the network in order to be able to communicate with a recipient node.
  • Confidence in the network is one of the major problems in the context of ad hoc networks.
  • the routing information and the user information circulate via private communication nodes, and therefore with zero confidence level.
  • since an ad hoc network is by its nature mobile, no confidence system and no public key infrastructure can be implemented in this context.
  • the validation must be done by the confidence system.
  • the prior art known to the Applicant relates to the protocol for exchanging keys via the internet better known by the abbreviation IKE, for Internet Key Exchange, which makes it possible to calculate a common secret in order to secure the exchange between two entities.
  • This protocol is described in the IETF publication RFC 2409, available at the following internet address: http://www.ietf.org/rfc/rfc2409.txt. Although it is effective, this protocol presents the following drawbacks:
  • this secret is validated by the encryption and the verification of said secret by a pre-shared key or by a certificate supplied by a key management infrastructure (KMI or public key infrastructure PKI).
  • the confidence between the players is implemented via certificates or signatures, deployed from public key management infrastructures (KMI).
  • This mechanism allows a so-called certification authority to validate the confidence of the information between the various certified users. Confidence is therefore located at the level of a single entity, combining the functionalities of certification, validation and revocation of the users or equipment combined within a determined group holding valid certificates.
  • This security strategy in a network operating with the internet protocol, or IP is therefore based on the centralization of the confidence in a single node of the network, and a broadcasting of this confidence in the form of certificates using administrative methods (chip cards, USB key, etc.).
  • Let G = ⟨g⟩ be a cyclic group.
  • the two parties U_1, U_2 each choose, at random, exponents x_1 and x_2 respectively (with g^{x_1}, g^{x_2} in the cyclic group G) and exchange the values g^{x_1}, g^{x_2} over the network.
  • the user U_1 (respectively U_2) then calculates the Diffie-Hellman secret g^{x_1 x_2} on receiving the message from U_2 (respectively U_1).
  • The known MIM attack is presented in FIG. 2.
  • One or more malicious users H place themselves between the two parties U 1 , U 2 , and will take over relaying the information from one to the other.
  • FIG. 2 represents the case in which there is only one malicious third party.
  • U 1 exchanges his value g x1 over the network addressed to U 2
  • the attacker H will pass himself off as U_2 and reply in his place with a secret g^h. He will do the same towards the party U_2.
  • the two parties will then communicate via a pseudo-confidential channel that passes through the attacker H, with the common secrets g^{x_1 h} between U_1 and H, and g^{x_2 h} between U_2 and H.
  • One aim of the invention is to offer a solution to the confidence problems between at least two entities of a network.
  • the object of the invention relates, notably, to a distributed negotiation protocol for keys that uses a redundant distribution mechanism in which no single segment is sensitive on its own, applied to a public value that is exposed to the abovementioned attack; this value enables each of the participants to generate a common secret over a dynamic set of routing paths in a target network.
  • the network can be an ad hoc network or else a fixed network.
  • the set of the routing paths can be fixed on starting or evolve over time.
  • the object of the invention relates to a method making it possible to distribute elements for generating one or more cryptographic or encryption keys between at least two users A and B in a network comprising a number of nodes Ni interlinked by means of communication highways, the network implementing a routing protocol, wherein it comprises at least the following steps:
  • the reference message N a , N b for the parties A and B is, for example, a random variable.
  • FIG. 1 a diagram relating to the Diffie-Hellman protocol
  • FIG. 2 an exemplary MIM-type attack on the Diffie-Hellman protocol
  • FIG. 3 a multi-path routing in the ad hoc network
  • FIG. 4 the structure of the DHD protocol according to the invention native in an ad hoc network
  • FIG. 5 the structure of the DHD protocol incorporated in version 6 of the protocol or IP.v6 optionally.
  • the example given hereinbelow in a nonlimiting manner is based on the mechanism of decomposing and recomposing the Diffie-Hellman information, and its distribution over an ad hoc network comprising a number of nodes Ni interlinked by means of communication highways, a source A and a recipient B.
  • the mechanism for distributing and broadcasting the public Diffie-Hellman value via a number of routing paths makes it possible to disperse the possibility of an attack on the communication between the two entities at the moment of the negotiation of the key that follows the encryption of the communication channel.
  • Any other cryptography mechanism not involving the Diffie-Hellman mechanism, can be used.
  • FIG. 4 illustrates the principle implemented by the inventive method.
  • the example is given as a nonlimiting example for the case of an ad hoc network of high density. This example may correspond to the networks that will exist in the major cities in a few years.
  • the network could also be a fixed network comprising a sufficient number of paths to execute the steps of the method according to the invention.
  • the routing paths taken by the portions of the calculated public value are, preferably, unconnected (disjoint) paths, that is to say paths that have no nodes Ni in common.
  • the method tolerates a percentage of paths that cross, that is, that share nodes.
  • the method comprises a number of steps detailed hereinbelow:
  • the Mojette transform is a discrete Radon mathematical transform that makes it possible to project a data set from a space of dimension N onto a space of dimension N − 1.
  • This transform has the necessary “parceling out” and “security” properties in the protocol context. It is also possible to use the Reed-Solomon transform instead of the Mojette transform.
  • the transformation used in the method according to the invention offers the particular feature of generating redundancy. This redundancy is distributed over the segments resulting from the decomposition of the sensitive public value into a number of portions. The choice of the redundancy value to be used is defined, for example, according to the number of paths that may be attacked.
  • the distributed method for negotiating keys comprises at least the following steps:
  • an ad hoc network of size N, is considered, with two parties A and B communicating via k unconnected or partially unconnected paths (see FIG. 3 ). These paths will be chosen in the topological database of each of the two communicating nodes A and B, via the implementation of a path discovery protocol based on a proactive mode according to the principles known to those skilled in the art and that will therefore not be detailed here.
  • the intermediate nodes act as routers and transmit a packet to the next node, and do so by following the routing paths predefined or defined in real time, as mentioned hereinabove.
  • B recovers a certain number of unmodified segments g^{a_i}, g^{a_{i+1}}, ..., g^{a_{i+l}} and recovers j segments modified either by an attacker or by a network error, g^{h_1}, g^{h_2}, ..., g^{h_j}, with j + l ≤ m.
  • A recovers a certain number of unmodified segments g^{b_i}, g^{b_{i+1}}, ..., g^{b_{i+l}} and recovers j segments modified either by an attacker or by a network error, g^{f_1}, g^{f_2}, ..., g^{f_j}, with j + l ≤ m.
  • the calculation implemented on A's side is: g^{ab} ← max( M^{-1}( g^{y_i} g^{y_{i+1}} g^{y_{i+2}} ... g^{y_{i+o}} ) ), with each g^{y_i} taken from {g^{b_i}, g^{f_i}}.
  • the calculation implemented on B's side is: g^{ab} ← max( M^{-1}( g^{y_i} g^{y_{i+1}} g^{y_{i+2}} ... g^{y_{i+o}} ) ), with each g^{y_i} taken from {g^{a_i}, g^{h_i}}.
  • This principle makes it possible to withstand a number of MIM (Man-in-the-Middle) attacks, by implementing a decision (the representativeness of a datum with regard to the total number of combinations of received segments) in order to retain the most consistent value g^x.
  • the distributed protocol for negotiating keys is, for example, implemented by incorporating it in a representative manner (DHD identifier) as diagrammatically represented in FIG. 4 , in the datum of the ad hoc protocol format.
  • the method includes the following fields:
  • the method uses a number of distribution paths, decomposing the information exchanged between the two parties so that only a portion of the public value is communicated to each of their neighbors; if one or more attackers try to modify the DH value of either final party, they can only modify a certain percentage of it, a percentage that decreases as the number of segments increases.
  • the system consisting of the two entities is sufficient in itself, and makes it possible to create a secured channel by distributing redundant elements none of which is sensitive on its own.
  • the system is autonomous and, in normal operation, has no key management center, an advantage in an ad hoc network where the management of the keys is a problem that is currently unresolved by the prior art.
  • the protocol according to the invention does not require any keys or certificates pre-shared between the two entities.
  • Each entity needs to be able to recalculate the common secret from a redundant set of portions of the original value and to verify the consistency of this secret between the two entities.
  • the method and the system according to the invention can be implemented on security equipment or solutions that require a minimum of configuration from the user, notably for the calculation and the sharing of the pre-shared secret.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0706126 2007-08-31
FR0706126A FR2920618B1 (fr) 2007-08-31 2007-08-31 Procede de distribution de cles cryptographiques dans un reseau de communication
PCT/EP2008/061257 WO2009027447A2 (fr) 2007-08-31 2008-08-27 Procede de distribution de cles cryptographiques dans un reseau de communication

Publications (2)

Publication Number Publication Date
US20110129090A1 US20110129090A1 (en) 2011-06-02
US8345878B2 true US8345878B2 (en) 2013-01-01

Family

ID=39325646

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/675,667 Expired - Fee Related US8345878B2 (en) 2007-08-31 2008-08-27 Method for distributing cryptographic keys in a communication network

Country Status (4)

Country Link
US (1) US8345878B2 (de)
EP (1) EP2186252B1 (de)
FR (1) FR2920618B1 (de)
WO (1) WO2009027447A2 (de)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2333997A1 (de) * 2009-12-14 2011-06-15 Alcatel Lucent Verfahren zur Dispersitätsübertragung einer Information
US10039808B2 (en) 2014-10-22 2018-08-07 Michael Chez Method of treating or improving neurological function in a human subject
US9925244B1 (en) 2015-02-17 2018-03-27 Michael Chez Treatment of warts in non-immunosuppressed patients
US10853767B1 (en) * 2016-02-14 2020-12-01 Mark Lawrence Method and apparatus to crowd bootstrap recruitment
US11900455B1 (en) * 2016-09-18 2024-02-13 Mark Lawrence Method and apparatus for decentralized VC funds
CN107295505B (zh) * 2017-06-14 2019-07-12 东南大学 无线传感器网络多路径安全传输方法
US10892781B2 (en) * 2017-11-20 2021-01-12 Zebware Ab Method and devices for a reduced repair and update erasure code
US10771476B2 (en) * 2018-03-14 2020-09-08 Cisco Technology, Inc. Defeating man-in-the-middle attacks in one leg of 1+1 redundant network paths

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182214B1 (en) * 1999-01-08 2001-01-30 Bay Networks, Inc. Exchanging a secret over an unreliable network
US20030072059A1 (en) * 2001-07-05 2003-04-17 Wave7 Optics, Inc. System and method for securing a communication channel over an optical network
US20030084020A1 (en) * 2000-12-22 2003-05-01 Li Shu Distributed fault tolerant and secure storage
WO2006071239A2 (en) 2004-12-29 2006-07-06 Drexel University System and method for secure ad hoc mobile communications and applications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182214B1 (en) * 1999-01-08 2001-01-30 Bay Networks, Inc. Exchanging a secret over an unreliable network
US20030084020A1 (en) * 2000-12-22 2003-05-01 Li Shu Distributed fault tolerant and secure storage
US20030072059A1 (en) * 2001-07-05 2003-04-17 Wave7 Optics, Inc. System and method for securing a communication channel over an optical network
WO2006071239A2 (en) 2004-12-29 2006-07-06 Drexel University System and method for secure ad hoc mobile communications and applications

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
B. Parrein, et al., "Multimedia Forward Error Correcting Codes for Wireless LAN", Annals of Telecommunications, Get Lavoisier, Paris, FR, vol. 58, No. 3/04, Mar. 1, 2003, pp. 448-463, XP001170095.
B. Parrein, et al., "Multiple Description coding Using Exact Discrete Radon Transform", Proceedings DCC 2001. Data Compression Conference IEEE Comput. Soc Los Alamitos, CA, USA, 2001, p. 508, XP002479414.
Guédon, JeanPierre et al., "The Mojette Transform: The First Ten Years" DCGI 2005, LNCS 3429, pp. 79-91. *

Also Published As

Publication number Publication date
EP2186252A2 (de) 2010-05-19
FR2920618B1 (fr) 2009-10-30
US20110129090A1 (en) 2011-06-02
EP2186252B1 (de) 2012-06-20
WO2009027447A2 (fr) 2009-03-05
WO2009027447A3 (fr) 2009-05-07
FR2920618A1 (fr) 2009-03-06

Similar Documents

Publication Publication Date Title
Hurley-Smith et al. SUPERMAN: security using pre-existing routing for mobile ad hoc networks
US8345878B2 (en) Method for distributing cryptographic keys in a communication network
US20110093696A1 (en) Device and method for directing exchange flows for public or non sensitive values for creating common secret keys between areas
Santos et al. Software-defined networking based capacity sharing in hybrid networks
Wang et al. Toward practical inter-domain source address validation
Li et al. A new scheme for key management in ad hoc networks
Arslan et al. Security issues and performance study of key management techniques over satellite links
Wang et al. T-IP: A self-trustworthy and secure Internet protocol
CN114374564B (zh) 一种内部网关路由链路安全管理系统及方法
Guellier et al. Homomorphic cryptography-based privacy-preserving network communications
Masmoudi et al. Building identity-based security associations for provider-provisioned virtual private networks
Elamathi et al. RETRACTED ARTICLE: Enhanced secure communication over inter-domain routing in heterogeneous wireless networks based on analysis of BGP anomalies using soft computing techniques: N. Elamathi et al.
WO2023183925A1 (en) Serverless mutual authentication
Roy et al. Efficient authentication and key management scheme for wireless mesh networks
Zhao et al. A novel authentication and key agreement scheme for wireless mesh networks
Gahlin Secure ad hoc networking
Altunbasak Layer 2 security inter-layering in networks
Islam et al. Preserving identity privacy in wireless mesh networks
Sehgal et al. A Encryption Based Dynamic and Secure Routing Protocol for Mobile Ad Hoc Network
Ramanarayana et al. Secure routing in integrated mobile ad hoc network (MANET)-internet
Wang et al. A pair-wise key establishment scheme without predistributing keys for ad-hoc networks
Wang et al. Securing wireless mesh networks in a unified security framework with corruption-resilience
Fathi et al. Protocols for purpose-restricted anonymous communications in IP-based wireless networks
Zhang et al. A novel ID-based multi-domain handover protocol for mesh points in WMNs
Rawat et al. Integrated security framework for hybrid wireless mesh networks

Legal Events

Date Code Title Description
AS Assignment

Owner name: THALES, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GRALL, ERIC;REEL/FRAME:024072/0398

Effective date: 20100309

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20170101